Offensive Security Engineer III
India - Hyderabad
Applications have closed
Fanatics
Fanatics.com is the ultimate sports apparel and Fan Gear Store, featuring football Jerseys, T-shirts, Hats, Collectibles and merchandise for fans of the NFL, MLB, NBA, NHL, Soccer, and College.Fanatics is searching for an experienced application security specialist to help protect Fanatics-developed applications which are used externally and internally. A successful candidate will display strong communication and technical skills and be comfortable and effective working independently and as part of a larger, highly distributed team.We're looking specifically for folks who place an emphasis on usable security and scaling successfully through automation. Fanatics is a fast-growing company, and our security program needs to be able to keep pace with that growth while not disrupting innovation. Responsible for continually improving product security by partnering with developers in all phases of software development life cycle. Work with teams to ensure security standards are maintained on the design and implementation of applications and systems in cloud and on-premises environments.
EXPERIENCE REQUIRED:· A minimum of 3 years of experience. RESPONSIBILITIES: · Establish security best processes and practices for our mobile, on-premises and cloud-based platforms.· Provide expert knowledge and guidance to the product teams about security vulnerabilities and remediation controls.· Support and consult with product and development teams in the area of application security, including threat modeling and Application Security reviews.· Implement, continuously develop, and maintain secure Software Security Development Lifecycle processes and software maturity model.· Perform threat modeling, secure design, and source code review.· Conduct security assessments, security testing and validation of vulnerability scan results.· Assist teams in reproducing, triaging, and addressing application security vulnerabilities.· Incorporate security tools/tasks to automate product development and deployment.· Develop, implement, and automate defensive controls, creating and tuning tools and rules to detect and address malicious activity. Responsible for integration of security controls into SDLC. · Establish supply chain security process and ensure 3rd party software meet the standards.Facilitate injection, integration, and compliance for Static Application Security Testing (SAST), Container Security Scanning & Open-Source Security Analysis during development phase. Facilitate injection, integration, and compliance for Dynamic Application Security Testing (DAST)Contribute to triaging, addressing security issues and tracking remediation.Own and manage Secure SDLC tooling.Develop and customize security tools used by security teams and developers.Work closely with development teams to build security directly into their SDLCs.Provide remediation guidance to programmers and management.Support bug bounty programSupport the preparation of security releases· Mentor and train development teams on secure coding standards and techniques. Develop Secure Coding Program.· Constantly innovate at the pace of the adversary using latest techniques. EDUCATIONAL REQUIREMENTS: · Bachelor’s degree in computer science, Information Systems, or equivalent combination of education and experience · Certifications in the field of Information Security (at least one of the following: CISSP, CEH, GIAC CPEN, OSCP, OSWE, CWAPT, GWAPT, GWEB)
Things We Care About
· Your career growth, your ideas, your work-life balance, and your well-being.· Diversity and Inclusion· Our Company Culture and Values· Providing outstanding Company Perks and Benefits
Company Overview Fanatics is building a leading global digital sports platform to ignite and harness the passions of fans and maximize the presence and reach for hundreds of partners globally. Optimizing these long-standing partnerships, a database of more than 80 million global consumers and a trusted, recognizable brand name, Fanatics is expanding beyond its position as a global leader for licensed sports merchandise to now becoming a next-gen digital sports platform, featuring an array of offerings for fans across the sports ecosystem. The Fanatics family of companies currently includes Fanatics Commerce, a vertically-integrated licensed merchandise business that has changed the way fans purchase their favorite team apparel, jerseys, headwear and hardgoods through a tech-infused approach to making and quickly distributing fan gear in today’s 24/7 mobile-first economy; Candy Digital, a digital collectibles company that is partnering with prominent sports properties, including MLB and MLBPA, to build an official NFT ecosystem; Fanatics Collectibles, through Topps as a cornerstone of the business, building a new model for the collectibles and trading cards hobby with top leagues and players association partners; and Fanatics Betting & Gaming, a mobile betting, gaming and retail sportsbook platform. Fanatics’ partners include all major professional sports leagues (NFL, MLB, NBA, NHL, NASCAR, MLS, PGA) and hundreds of collegiate and professional teams, which include several of the biggest global soccer clubs. As a market leader with more than 9,000 employees, and hundreds of partners, suppliers, and vendors worldwide, we take responsibility for driving toward more ethical and sustainable practices. We are committed to building an inclusive Fanatics community, reflecting and representing society at every level of the business, including our employees, vendors, partners and fans. Fanatics is also dedicated to making a positive impact in the communities where we all live, work, and play through strategic philanthropic initiatives. At Fanatics, we’re a diverse, passionate group of employees aiming to ignite pride and passion in the fans we outfit, celebrate and support. We recognize that diversity helps drive and foster innovation, and through our IDEA program (inclusion, diversity, equality and advocacy) at Fanatics we provide employees with tools and resources to feel connected and engaged in who they are and what they do to support the ultimate fan experience.
www.fanaticsinc.com Ensure your Fanatics job offer is legitimate and don’t fall victim to fraud. Fanatics never seeks payment from job applicants. Fanatics recruiters will only reach out to applicants from an @fanatics.com or @fanatics.co.uk email address. For added security, where possible, apply through our company website at www.fanaticsinc.com/careers
Fanatics is committed to responsible planning and purchasing (RPP) practices, working with its business partners across its global and multi-layered supply chain, to ensure that planning, sourcing, and purchasing decisions, along with other supporting processes, do not impede or conflict with the fulfillment of Fanatics’ fair labor practices.
NOTICE TO CALIFORNIA RESIDENTS/APPLICANTS: In connection with your application, we collect information that identifies, reasonably relates to or describes you (“Personal Information”). The categories of Personal Information that we collect include your name, government issued identification number(s), email address, mailing address, other contact information, emergency contact information, employment history, educational history, criminal record, and demographic information. We collect and use those categories of Personal Information about you for human resources and other business management purposes, including identifying and evaluating you as a candidate for potential or future employment or future contract positions, recordkeeping in relation to recruiting and hiring, conducting criminal background checks as permitted by law, conducting analytics, and ensuring compliance with applicable legal requirements and Company policies. For additional information on how we collect and use personal information in connection with your job application, review our Candidate Privacy Policy-CA
* Salary range is an estimate based on our InfoSec / Cybersecurity Salary Index 💰
Tags: Analytics Application security Automation CEH CISSP Cloud Compliance Computer Science DAST GIAC GWAPT Offensive security OSCP OSWE Privacy Product security SAST SDLC Security analysis Security assessment Vulnerabilities
Perks/benefits: Career development Conferences
More jobs like this
Explore more career opportunities
Find even more open roles below ordered by popularity of job title or skills/products/technologies used.